
Montgomery-friendly primes and applications to cryptography

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

This paper deals with Montgomery-friendly primes, i.e. primes designed for Montgomery's modular reduction algorithm. Such numbers are scattered across the literature and their properties are only partially exploited. We exhibit a large family of Montgomery-friendly primes that give rise to efficient modular reduction algorithms, and develop two main outcomes. The first is dedicated directly to cryptography, in particular to isogeny-based approaches and, more generally, to elliptic curve cryptography (ECC): we suggest finite fields and curves that are more appropriate in terms of complexity for the recommended security levels, for both isogeny-based cryptography and ECC. The second outcome is mainly arithmetic (even if its main use is cryptography): we propose families of alternative RNS bases and show that, for dedicated architectures with word operators, we can reach, at the same or better complexity, larger RNS bases made of pairwise coprime Montgomery-friendly moduli than the RNS bases generally used in the literature, which are built from pseudo-Mersenne numbers.


Notes

  1. https://csrc.nist.gov/publications/detail/fips/186/4/final.

  2. In the SIKE file P503_internal.h, NWORDS_FIELD = 8 and p503_ZERO_WORDS = 3; with \(p_{512}\) the first stays at 8 while the second becomes 4, which changes the first inner loop of the rdc_mont function.
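The arithmetic behind note 2, as an added example that is not code from the paper or from the SIKE implementation: a word-level Montgomery reduction in Python that, for a prime p ≡ -1 (mod 2^64) such as SIKE's p503 = 2^250·3^159 - 1 (constructed inline here), takes the current low word as the per-word quotient (since -p^{-1} mod 2^64 = 1) and accumulates q·(p+1) instead of q·p, skipping the low words of p+1 that are zero, which is what NWORDS_FIELD and p503_ZERO_WORDS parameterize. A textbook reduction is included alongside to count the word multiplications saved; the word layout, the accumulator size and the multiplication counter are this example's own conventions, not SIKE's.

```python
"""Word-level Montgomery reduction with a Montgomery-friendly prime.

Added example, not code from the paper or from the SIKE code base. It mirrors the
idea behind SIKE's rdc_mont: for p = c*2^k - 1 with k >= W, -p^{-1} mod 2^W is 1,
so each per-word quotient is the current low word itself, and q*p is accumulated as
q*(p+1), whose low ZERO_WORDS words are zero and need no multiplication.
"""
W = 64
MASK = (1 << W) - 1
NWORDS = 8                               # 503-bit values fit in 8 x 64-bit words
R = 1 << (W * NWORDS)                    # Montgomery radix

# SIKE's p503 = 2^250 * 3^159 - 1, built inline so the example runs offline.
P503 = (1 << 250) * 3 ** 159 - 1


def is_montgomery_friendly(p, w=W):
    """p is Montgomery-friendly for word size w when p ≡ -1 (mod 2^w)."""
    return (p + 1) & ((1 << w) - 1) == 0


def zero_words(p, w=W):
    """Number of low w-bit words of p+1 that are zero (SIKE's pNNN_ZERO_WORDS)."""
    t, n = p + 1, 0
    while t and t & ((1 << w) - 1) == 0:
        t >>= w
        n += 1
    return n


def to_words(x, n):
    return [(x >> (W * i)) & MASK for i in range(n)]


def from_words(ws):
    return sum(w << (W * i) for i, w in enumerate(ws))


def _add_row(acc, start, q, row, muls):
    """acc += q * row shifted left by `start` words; returns the updated mul count."""
    carry = 0
    for j, rw in enumerate(row):
        t = acc[start + j] + q * rw + carry
        acc[start + j] = t & MASK
        carry = t >> W
        muls += 1
    k = start + len(row)
    while carry and k < len(acc):          # propagate the final carry
        t = acc[k] + carry
        acc[k] = t & MASK
        carry = t >> W
        k += 1
    return muls


def rdc_mont_generic(a, p):
    """Textbook word-level Montgomery reduction: returns (a*R^-1 mod p, #word muls)."""
    assert 0 <= a < p * R
    pinv = (-pow(p, -1, 1 << W)) & MASK       # -p^{-1} mod 2^W, precomputed once
    pw = to_words(p, NWORDS)
    acc = to_words(a, 2 * NWORDS + 1)
    muls = 0
    for i in range(NWORDS):
        q = (acc[i] * pinv) & MASK            # one multiplication for the quotient
        muls = _add_row(acc, i, q, pw, muls + 1)
    r = from_words(acc[NWORDS:])              # low NWORDS words are now zero
    return (r - p if r >= p else r), muls


def rdc_mont_friendly(a, p):
    """Same result as rdc_mont_generic for p ≡ -1 (mod 2^W), skipping the quotient
    multiplication and the zero low words of p+1."""
    assert 0 <= a < p * R and is_montgomery_friendly(p)
    z = zero_words(p)
    pp1 = to_words(p + 1, NWORDS)
    acc = to_words(a, 2 * NWORDS + 1)
    muls = 0
    for i in range(NWORDS):
        q = acc[i]                            # -p^{-1} ≡ 1, so q is the low word itself
        # q*p*2^(Wi) = q*(p+1)*2^(Wi) - q*2^(Wi): the subtraction just clears word i
        # (no borrow, since word i equals q), and words 0..z-1 of p+1 contribute nothing.
        acc[i] = 0
        muls = _add_row(acc, i + z, q, pp1[z:], muls)
    r = from_words(acc[NWORDS:])
    return (r - p if r >= p else r), muls


if __name__ == "__main__":
    x = 3 ** 300 % P503
    y = 2 ** 500 % P503
    ref = x * y * pow(R, -1, P503) % P503
    r1, m1 = rdc_mont_generic(x * y, P503)
    r2, m2 = rdc_mont_friendly(x * y, P503)
    assert r1 == ref == r2
    print("zero words:", zero_words(P503), "generic muls:", m1, "friendly muls:", m2)
```

With p503, zero_words returns 3, so each of the 8 rows skips the quotient multiplication and 3 of the 8 word products: 40 word multiplications against 72 for the textbook loop. A prime for which p+1 has 4 zero low words (the p512 case the note describes) starts each row one word later still. Primality is not needed for the reduction itself to be correct, only that p is odd and ≡ -1 mod 2^W; the final conditional subtraction is not constant-time and would have to be replaced by a masked subtraction in production code.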


Acknowledgements

We thank the reviewers; their comments were very constructive and helped us significantly improve this paper. This work was funded by the Agence Nationale de la Recherche, ANR-15-CE39-0002 ARRAND.

Author information

Corresponding author

Correspondence to Jean Claude Bajard.

Cite this article

Bajard, J.C., Duquesne, S. Montgomery-friendly primes and applications to cryptography. J Cryptogr Eng 11, 399–415 (2021). https://doi.org/10.1007/s13389-021-00260-z